SAML 2.0 Configuration for Zendesk Support

The 10Duke Identity Bridge (IdB) works as a Single Sign-On (SSO) bridge between Consumer applications and an Identity Provider (IdP). In this case Zendesk Support is the Consumer application and the 10Duke Identity Bridge is configured as the trusted Identity Provider. A pre-requisite is that the 10Duke Identity Bridge is also configured to trust the IdP your organisation is using.

By completing the steps below, your users will be able to access Zendesk Support from a single click through from the portal provided through the 10Duke Identity Bridge. This process of logging into Zendesk Support or other cloud apps from a login portal provided is known as IDP-Initiated SAML.

The below steps describe a default configuration that is compatible with the default setup in the 10Duke Identity Bridge Console configuration. Other configuration options are available if you require a different setup.

Before configuring SAML Settings for Single Sign-On for Zendesk Support please make sure that:

  1. You have configured your identity provider in the 10Duke Identity Bridge Console (instructions available here)

  2. You have already started configuring Zendesk as a consumer application in the 10Duke Identity Bridge Console (instructions available here)

The following steps contain instructions for configuring SAML 2.0 for Zendesk.

  1. Log in to your Zendesk domain with your administrator username and password.

  2. Navigate to Admin > SETTINGS > Security

  3. Select the Admins & Agents or End-users tab. Note that you can enable SAML single sign-on only for end-users, only for agents, or for both groups.

  4. Choose the Single Sign On (SSO) option and select SAML.

  5. Enter the following information:

    1. SAML SSO URL
      • Sign into the 10Duke Identity Bridge Console to generate this value
    2. Certificate fingerprint - This is required for Zendesk Support to communicate with our SAML server.
      • Sign into the 10Duke Identity Bridge Console to generate this value
    3. Remote logout URL
      • Sign into the 10Duke Identity Bridge Console to generate this value
    4. (optional) IP Ranges: You can optionally restrict access to users within a range of IP addresses. Requests from these IP ranges will be routed via remote authentication. Requests from IP addresses outside these ranges will be routed to the normal sign-in form.
    5. (optional) Disabled Passwords: Make sure you don’t enable this option before the SAML configuration is tested successfully. Disabling passwords will prevent all agents and admins from authenticating with their Zendesk password. This includes the Zendesk API. Passwords will be permanently deleted within 24 hours.
    6. Click Save